Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations.
CWE-77
CVE-2021-28811
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later
CVE-2021-28812
A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5.4 on QuTS hero h4.5.2; versions prior to 5.5.4 on QuTScloud c4.5.4. This issue does not affect: QNAP Systems Inc. Video Station on QTS 4.3.6; on QTS 4.3.3.
CVE-2021-27447
Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code.
CVE-2021-27449
Mesa Labs AmegaView Versions 3.0 and prior has a command injection vulnerability that can be exploited to execute commands in the web server.
CVE-2021-27185
The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec.